1

So the connection has been established and here is the code. What im trying to do is get two var from the url and save them as a var. I am getting an error and the php is not working and i know the information in the url is correct and matched the database. The error is "The url is either invalid or you already have activated your account." which is what the php returns if there isnt a match so im guessing that the disconnect is between the url and var setting. Code:

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) &&     !empty($_GET['hash'])){  
// Verify data  
$email = mysql_escape_string($_GET['email']); // Set email variable  
$hash = mysql_escape_string($_GET['hash']); // Set hash variable  

$search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());  
$match  = mysql_num_rows($search);  

if($match > 0){  
    // We have a match, activate the account  
    mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());  
    echo '<div class="statusmsg">Your account has been activated, you can now login</div>';  
}else{  
    // No match -> invalid url or account has already been activated.  
    echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';  
}  

}else{  
// Invalid approach  
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';  
}  
?>

URL:

http://www.aliahealthcare.com/verify.php?email='[email protected].'&hash='.67f7fb873eaf29526a11a9b7ac33bfac.'

Improve this question
3
  • The error is "The url is either invalid or you already have activated your account." which is what the php returns if there isnt a match so im guessing that the disconnect is between the url and var setting. Commented Aug 3, 2011 at 20:06
  • The email will be something like '[email protected].', not what is expected. Remove the periods and single quotes from the url and that should work. Commented Aug 3, 2011 at 20:15
  • you were right it was the quotes!! thanks so much !! Commented Aug 3, 2011 at 20:24

2 Answers 2

Reset to default
1

It looks like the PHP is solid, so I don't think that is your issue. I couldn't help but notice, though that you have a couple of '.' in the URL. I think you need to get rid of them:

http://www.aliahealthcare.com/[email protected]&hash=67f7fb873eaf29526a11a9b7ac33bfac

To be sure, try echoing out the email and hash values before using mysql_real_escape_string. I'll wager the code is fine, but I suspect the input.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

code looks fine to me

i would try doing this

$sql = "SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'";

echo $sql;

$search = mysql_query($sql);

check the sql that is echo'd looks ok, and try running it in phpmyadmin or via cmdline to confirm that a row does exist for those parameters

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.